Describe the bug
When the Content-Type of a request to a JWK endpoint is set to application/json, a server that has a JSON threat protection policy applied might reject the request.
The Content-Length of the request is 0 so the Content-Type shouldn't matter. However, such servers are still emitting errors. It is best to just have the code not set a Content-Type header at all for JWK requests.
Describe the bug
When the
Content-Type
of a request to a JWK endpoint is set toapplication/json
, a server that has a JSON threat protection policy applied might reject the request.The
Content-Length
of the request is 0 so theContent-Type
shouldn't matter. However, such servers are still emitting errors. It is best to just have the code not set aContent-Type
header at all for JWK requests.